Posted on 08/28/2005 10:56:31 AM PDT by FairOpinion
Carpenter had never seen hackers work so quickly, with such a sense of purpose. They would commandeer a hidden section of a hard drive, zip up as many files as possible and immediately transmit the data to way stations in South Korea, Hong Kong or Taiwan before sending them to mainland China. They always made a silent escape, wiping their electronic fingerprints clean and leaving behind an almost undetectable beacon allowing them to re-enter the machine at will. An entire attack took 10 to 30 minutes. "Most hackers, if they actually get into a government network, get excited and make mistakes," says Carpenter. "Not these guys. They never hit a wrong key."
Goaded by curiosity and a sense that he could help the U.S. defend itself against a new breed of enemy, Carpenter gave chase to the attackers. He hopped just as stealthily from computer to computer across the globe, chasing the spies as they hijacked a web of far-flung computers. Eventually he followed the trail to its apparent end, in the southern Chinese province of Guangdong. He found that the attacks emanated from just three Chinese routers that acted as the first connection point from a local network to the Internet.
(Excerpt) Read more at time.com ...
"A federal law-enforcement official familiar with the investigation says the FBI is "aggressively" pursuing the possibility that the Chinese government is behind the attacks. "
Can there be any doubt?!
As you read further, you find, that the guy at Sandia Labs, who was helping the FBI to follow these enemy spies, was FIRED from his job, his clearances were pulled, because "Under U.S. law, it is illegal for Americans to hack into foreign computers."
More laws that make us unable to defend ourselves against the enemy.
bttt
Very interesting article Ping.
Why would anyone have such highly sensitive material online. In a place that can be remotely accessed? This is asking for trouble.
I suppose the answer is convenience and easy accessibly for legitimate users
Another interesting snippet:
"Hundreds of Defense Department computer systems had been penetrated by an insidious program known as a "trojan," the alert warned. "These compromises ... allow an unknown adversary not only control over the DOD hosts, but also the capability to use the DOD hosts in malicious activity. The potential also exists for the perpetrator to potentially shut down each host."
IOW -- they get in, spy on what we have, and can even shut down the computers, or take them over.
The American business community naivete, or just plain greed, in dealing with a ruthless communist dictatorship (yes, that's what mainland China is) is almost as laughably sad as Clinton's sell out of the very sensitive technology this enemy of freedom is using to attempt to eventually defeat us. They understand that as big as their land army is, they have never been a nation to seek to expand their border or invade other cultures, for the most part. They want economic control of the West, and the best way is to continue to usurp our systems and eventually our control. Wake up, America, the enemy has been quietly and carefully gnawing away at our defenses.
how freaking stupid is it to put stuff that really matters on a "world wide web?" if it can be encoded, it can decoded. But hey, wdik?
Before 9/11 I got into a pissing match with another Freeper who scoffed at my suggestion that the next "battle-front" with the chinese would be internet espionage. I rest my case.
I've been tracking them since before August 2001 when the "Code Red Virus" was created and distributed by the chicoms - the cyber attack peaked the morning of 9-11! What a coincidence!
We have handcuffed ourselves -- the laws that existed prior to 9-11 of the the intelligence agencies being forbidden to talk to each other, now we find out that even now there are US laws against breaking into foreign computers -- so how are we supposed to follow what the terrorists or enemy governments are doing. It is even illegal to follow the enemy spies who break into our computers. How stupid is that?
Carpenter, the civilian at Sandia who tracked a lot of this said, that the FBI never even asked him for the passwords, and other tools, to allow them to pick up where he left off, after he was fired, when his work for the FBI was discovered and the FBI did nothing to help him.
PING
No FReeping on Sundays either! Get back to work! :-)
"I'm not sleeping well," he (Carpenter) says. "I know the Titan Rain group is out there working, now more than ever."
===
Doesn't this starting to sound like the Able Danger guys, nobody pays any attention until AFTER a disaster happens.
You would be amazed at how naive the American business community is with regards to information security.
Most companies spend more money on landscaping than they do infosec.
How many of those compromised systems were running *NIX?
It's a bummer that we can't pursue the bad guys right to their MAC Address!
bttt Well looky here.
Anyone who hasn't read "The Art Of Deception" by Kevin Mitnick might want to. Scarier than any fiction. And I'm sure the chicoms have several people just as competent already in place.
It really is amazing at how clueless nearly everyone is in regard to infosec. The best tech in the world is nearly useless if the wrong person in an organization acts stupidly.
The only way to truly secure a computer is to unplug it, IMHO.
Kudos to Carpenter for trying to get this out in public view. He is a patriot.
One of the reasons I read current fiction like John Sandford (the "Kidd" series) and Tom Clancy (his "Op Center" series with several other guys) is to try to keep up with this area. These authors, and there are surely others, know something about this, and are almost precient. Reading the Time article gave me deja vu chills with some of Clancy's work.
Anyone have other authors of this genre? I'd appreciate knowing of them.
Will our media have the cojones to ask questions about this Chinese spying of admin officials, or the President? This falls within W's term, and he should be doing something about it. And are we doing it to them, and others? We had better be.
I wonder how many Windows servers they've compromised with 0-Day exploits they wrote after being given access to Windows source code?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.